Insecurity on clean website! Sucuri flags malcode! Shown here in hall of shame!

See: http://killmalware.com/shelf.com/ & http://fetch.scritch.org/%2Bfetch/?url=https%3A%2F%2Fshelf.com%2F&useragent=Fetch+useragent&accept_encoding=
See as one of the worst exponents here: https://sritest.io/#report/3e0c9a22-0c2b-47cf-b033-4ffd4ad655d1
4 non-same-origin issues.
jQuery code to be retired: -https://shelf.com/
Detected libraries:
jquery - 1.8.3 : -https://cdn.inspectlet.com/inspectlet.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.11.1 : (active1) -https://shelf.com/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Sucuri detects instances of malware-entry-mwanomalysp8?1 - http://www.domxssscanner.com/scan?url=http%3A%2F%2Fshelf.com%2Ffeatures

And this external script flagged: -https://dx00s3z7lulvj.cloudfront.net/assets/application-b1e7634ccbbf462c25887d9472e27a0e.js
Detected libraries:
jquery - 1.11.1 : -https://dx00s3z7lulvj.cloudfront.net/assets/application-b1e7634ccbbf462c25887d9472e27a0e.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
1 vulnerable library detected Designed and built with all the love in the world by @mdo and @fat, but could better get retired now. Zip code for later reference and install something less vulnerable! Re: Results from scanning URL:
-https://dx00s3z7lulvj.cloudfront.net/assets/application-b1e7634ccbbf462c25887d9472e27a0e.js
Number of sources found: 247
Number of sinks found: 53

The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: nginx/1.5.7 + Phusion Passenger 4.0.25
X-Powered-By: Phusion Passenger 4.0.25

polonus (volunteer website security analyst and website error-hunter)

I could have add these insecure results: https://securityheaders.io/?q=https%3A%2F%2Fshelf.com
They received an E/Status.

polonus